Where to get apps on GOS

murmur

Hi,

I just installed GOS, and I noticed it doesn't have any app store preinstalled.

What is the intended way to install apps on GOS? Should I download the apks for F-Droid / Aurora from their websites and go from there?

Thanks in advance

Sbpr

murmur

This is in unfortunately one of those questions that should be simple to answer for new users but unfortunately, the answer is not just complex but also creates additional questions about how to even use grapheneos. Please note I'm not a security expert, I'm just another user who has tried to piece together things I've read from others over the last few months.

There are several ways people get apps, each with their own use case as well as security and privacy implications.

They are in no particular order:

Grapheneos apps
Google Play Store
Google Play Store with "anonymous" google account
Google Play Store with "anonymous" account on isolated owner profile
Aurora Store without a linked Google account
Aurora Store with a linked Google account
F-Droid
Other F-Droid Repositories
Acresscent
Direct downloads (like github) using RSS feeds
Direct downloads using Obtainium

Right off the bat, grapheneos does provide a few apps in its own Apps app. These are designed to work with Grapheneos so install from there if its an option.

As for more comprehensive app sources:

In terms of privacy, F-Droid is often the go-to solution for privacy minded enthusiasts, but there are some security concerns such as the way the official F-Droid repo signs certificates and delays updates. This can be remedied by using different F-Droid Repos instead of the official F-Droid repo such as IzzyOnDroid as well as official repos created by your app's developer (molly, newpipe, etc). There are also concerns about the F-Droid app itself such as it shipping with an outdated version and the official app containing security concerning features. As a result, I see people recommend using "F-Droid Basic" until these issues are resolved in the official app. F-Droid Basic removes or turns off these security vulnerable features.

Even using other F-Droid Repos and using F-Droid basic is still not preferred by some people who instead recommend getting apps directly from the developer (such as their github releases page) instead of from a third-party store. There are two methods for doing this.

The first, slightly outdated way, is to setup RSS feeds on an RSS app like Feeder that track app updates and then manually install updates when they appear on your feed.

The second and more recent elegant approach is to use an app called Obtainium that will both track updates for you as well as let you download and install it directly from the app. You do this by pointing Obtainium to the compatible direct downloads page. The app works mostly seamlessly though I haven't been able to get it to automatically install updates, if this is even a feature. Though I do get notifications when a new update is available.

Unfortunately, these methods have two caveats. The first is that you may need apps that aren't available and the second is it requires you to fully trust the developer without any third-party vetting. If you are a security expert, this might not be a problem. For most people, it's not very practical outside of some hand picked apps. You're also still having to trust a third-party such as trusting github.

In terms of security for most users, Acresscent and Play Store seem to be the best. Acresscent seems to want to create a store that values both privacy and security and I often see others refer to Acresscent as the future go-to app store for degoogled devices. However, right now, there are barely any available apps so it's more of something to keep an eye on but not an immediate solution.

The Play Store using sandboxed play services is the next best option for most people to install known reputable apps from a security standpoint (just because an app is on the play store doesn't inherently make it safe). However, using the play store comes with a privacy cost since even with play services being sandboxed, apps can still bypass thess restrictions by communicating with other apps that allow them to using something called Interprocess Communication (IPC). Since you need to login to a google account, your entire Grapheneos profile will likely be tied to your google account and apps will be able to identify you using this info. (Grapheneos is planning a feature to block/spoof this, but it's still in the works without an expected release date).

There are some workarounds in the meantime. The simplest would be to use the Aurora Store, a third-party front end that gives you access to play store apps without having to install google stuff. However, this lacks some play store security features like Play Protect and also requires you to trust an extra third party. Aurora store also has problems with automatic updates and the app often breaks when not using it with a google account. Conversely, logging into Aurora store with a google account is against Google's terms of service and risks having your account deactivated. Further, not all apps are available such as paid apps and some apps won't work unless they are installed from the actual play store. Grapheneos officially recommends using the official Play Store to install play store apps in their user guide.

The second option is not a real solution, but I'll mention it anyway: using another google account. Unfortunately, this is privacy theater since google will still likely be able to tie that account to you based off other identifiers such as location data, IP address, app installs, payment info, etc. All it takes is one slip up and there are a bunch of ways to accidentally do this when running google services on your main profile, even when sandboxed.

The last option is to use grapheneos's unique user profiles feature. Grapheneos supports installing apps on the owner profile and then pushing these app installs to other user profiles. So on the owner profile with an always on trusted VPN such as ProtonVPN, you install play services on the owner profile and use the play Store with an "anonymous" google account. There are some guides on how to create an account without revealing personal info such as phone number and IP address. Don't use the owner for anything else except to manage app installs with the VPN always running while you use another user account as your main profile. Apps on different profiles can't communicate with each other using IPC. You can even disable the apps you install on the owner profile and they should still get updated on the user profile.

Please also understand that everyone has their own threat model. Some people need absolute privacy and are willing to sacrifice some security and vice versa. Similarly, some people may not want to deal with the inconvenience and simply run everything on the owner profile while logged into the play store just like normal stock. These are decisions you need to make based off your own threat model.

[deleted]

murmur

Progressive Web Apps (PWA) is another option.
https://www.youtube.com/watch?v=crF0c96pXhI

mtukl

Hello and welcome to GrapheneOS!

You likely wanna start by thinking about what App Store you want to use. Your two main choices are F-Droid and the Google Play store using the Sandboxes Google Play Services. You could also use Aurora, but this is not highly recommended by GrapheneOS if I'm not mistaken.

You can easily install Google Play by going into the "Apps" app, clicking on "Google Play Services" and installing these. This will also install the Play Store. Please note that you might need to give it further permissions, such as installing apps on the device. The same goes for F-Droid, but you'll need to download it from the official F-Droid website. After you downloaded the APK, open it and you'll likely be prompted for the app install permission again. Grant it, install F-Droid, and then don't forget to revoke it from the Vanadium/Files app you opened the APK with.

After F-Droid is successfully installed, you need to grant the F-Droid app itself the permission.

I hope that helps! Have fun with GrapheneOS. :)

murmur

Thanks for the reply! Could you give me more insight why Aurora is not recommended?

[deleted]

murmur

That's a good question. This https://grapheneos.org/faq#bundled-apps mentions Aurora as an option instead of directly from Google Play. The amount of malware in Google Play is a far greater risk as far as I'm concerned but I'm not a security expert.

DeletedUser29

murmur For a gist of it, see this answer by matchboxbananasynergy https://discuss.grapheneos.org/d/2962-app-repositories-google-vs-aurora-vs-apk-vs-fdroid/2

As well as Metroplex's answers here
https://discuss.grapheneos.org/d/1251-should-i-download-apps-from-the-aurora-store-instead-of-the-google-play-store

The short of it is that Aurora Store is less secure than Play Store, but is more private. GrapheneOS heavily prioritises security so they do not recommend Aurora. But generally speaking, you'll be fine using Aurora, just be aware of the potential risks.

Carlos-Anso

DeletedUser29

It is not the case that GrapheneOS prioritises security above privacy. That is a common misconception that sadly is often repeated with the consequence that many consider it true. Security AND privacy are both primary concerns and improving them is the whole point of GrapheneOS.

Theres a whole lot of factors that need consideration when assessing where might be a good place for any given user to get their apps.

Also it is not at all clear cut that using Aurora Store provides more privacy than using the Play Store. There are lots of other factors that need consideration to determine potential privacy implications and then how much these implications matter to any given user.

[deleted]

Carlos-Anso this sounds like a response AI would generate. What in your opinion is more private to use within the same subset of apps, one with the presence of Google Play or one without? I already guess the answer, but would like to hear it from you. And before you go on to say the usual, that Google Play on GOS is fully sandboxed and behaves like any other app, take into consideration that installing it gives it considerable counter privacy oriented access and makes it a bridge between many user installed apps that rely on use of built-in google libraries. I am in no way an expert, but would rather sacrifice a tiny bit of security in exchange for a lot more privacy.

DeletedUser29

Carlos-Anso Thank you for the correction and my apologies for speaking out of turn. I'll take care to be more accurate going forward. Feel free to edit the inaccuracy in my previous comment.

de0u

[deleted] What in your opinion is more private to use within the same subset of apps, one with the presence of Google Play or one without?

Some apps require Play Services, whether installed via the Play Store or via Aurora.

Is the question about apps on the Play Store that don't require Play Services, or about apps that are on both the Play Store and some other place?

As is the case with VPNs, where one can conceal one's traffic from one's ISP by revealing it to one's VPN provider, installing apps via Aurora instead of the Play store reveals information to Aurora.

And if one installs a Play Store app via Aurora and the app used Play Services, some information is leaked to two parties (Aurora and Google) instead of one (Google).

Meanwhile, if the app itself is invasive (reports things about you to its servers), where it was installed from doesn't make much difference. So picking apps may be at least as important as picking installation methods.

Carlos-Anso

[deleted]
Just because you dont want to believe what I was explaining doesnt mean I am an AI!

As I mentioned theres huge amounts of variables here which means sweeping statements about what is and isnt "more private" are really not very useful.

I imagine youve got a number of variables firmly set in the way you are imagining someone may be using their device - but there are lots of other ways which can again alter implications.

For example some people have Play Services and Play Store installed but get their apps via Aurora Store. Others only use their owner profile to install and update apps. Potential use case which your analysis effectively ignores.

Even if we ignore all this extra complexity and focus purely on the way you use your device, apps from Aurora and none of the Google Play apps, the privacy implications are not necessarily as clear cut as you may like to believe.

As has been often explained apps which communicate with Play Services do so via libraries that are included in the app. Those libraries have all the permissions granted to the app which they are a part of. In most cases they will communicate directly with Google servers if the device does not have Play Services installed. see -
https://firebase.google.com/docs/android/android-play-services

There is no need for the Play Services app to be "acting as a bridge" for apps, or the Google libraries within them, to be able to communicate with one another or to collect data which confirms that they are on the same device.

For example if apps/libraries collect the battery level every few hours it wouldnt take long, using just this data, to confirm they are installed on the same device.

If the aim is to minimize the possibilities of Google collecting data about you, you could, as much as possible, avoid using Google apps which give them data about you (maps, docs, keyboard, youtube etc.) and apps which include Google libraries. Or maybe not give internet permissions to any of these apps. Also avoid granting them access to your data. These things clearly limit the ability for data to flow to Google.

Thinking that you win some privacy against Google by installing apps via Aurora Store rather than Play Store without considering many other factors is misguided. Depending on exactly what apps you have and how your run your setup its possible to use Play Store and have better privacy against Google than someone else who doesnt have Play and uses Aurora.

On GrapheneOS the Play Store and Play Services dont get magical/privileged access to all your data. Unless you grant them permissions they get very little extra data. As already mentioned data sent to them from other apps will largely go directly from those apps to Googles servers if they arent present on the device

fid02

If you happen to want to create a Google account for the Play Store, you can do that on GrapheneOS without providing a phone number: https://discuss.grapheneos.org/d/3366-how-to-create-google-account-anonymous/66

Basically, sign up through the Play Store app behind a non-suspicious IP address and you shouldn't be asked to provide a phone number.

N1b

Adding to the advice given already: If you require anything else than Play Store (e.g. for apps such as NewPipe or Molly), I'd recommend going one of two routes:

Droid-ify will streamline the process of installing apps from the F-Droid Repository and others (IzzyOnDroid being a famous one). It has a nice design and allows for unattended updates in the background without any root access.
Obtainium will allow you to automate downloading and installing apk files directly from the developers, github, F-Droid etc., giving you a more fine tuned setup and e.g. beta participation for Signal and other apps. It does require more time and fiddling around compared to Droid-ify, but after the initial setup it's just as smooth with unattended updates.

murmur

Thanks all for the extensive replies!

N1b

F0SSIL Would be nice if more apps like KeepassDX had their own repository so I don't always have to manually check for a new release on Github.

Sounds like something Obtainium can do for you. Could even replace Droid-ify if you set it up once...

mmmm

I mainly use Obtainium. I also use Aurora and droidify.

A small warning regarding Obtainium; if you have installed an app via Obtainium, and that app is available on another store from you may have installed, any updates will be offered there too. Its extremely easy to forget and 'update all'. Its important to keep an eye and if possible blacklist them from the app (you can do that with aurora, I dont know about the play store). If you dont, the affected app suddenly not be updatable via the original Obtainium method. Thats likely undesirable if you have already gone to the effort of using Obtainium in the first place.

DeletedUser115

mmmm you can do that with aurora, I dont know about the play store

There is a per-app checkbox in Play Store to disable automatic updates for specific apps you want.

Dumdum

mmmm
As far as I'm aware, this is only if the github APK matches the GPlay APK. Plenty of github apps offer non-GPlay APKs which shouldn't be affected. For example, I have a number of Fossify apps installed which aren't even detected by GPlay.

mmmm

DeletedUser115 ah right. Well I dont use play store (yet, it may change). Good to know.

mmmm

Dumdum yes you're right. I have a couple of fossify apps and thats true. I'm not sure that info would be easily found - or at least obvious. Still worth the warning.

DeletedUser115

Something else about Aurora and F-Droid that is not talked about much. Apart from their security shortcomings, there is a big question what makes them trustworthy or not for you. I personally have very hard time trusting a person or group of people who run those projects to act as a supply channel for all my apps. To me this risk is not justifiable.

Same to the less extent applies to Obtanium. For apps not available on Play Store or that ones that I don't want to get via Play Store, I prefer to do a first install from GitHub or dev website directly and then let Obtanium update them because any malicious or invalid update will be rejected by the OS (unlike the first install).

mmmm

DeletedUser115 I prefer to do a first install from GitHub or dev website directly and then let Obtanium update them

I didn't think of that, thanks. Good advice.